When you hold back on technology and IT solutions for your business, the answers to these two questions are simple:

1) There is nothing standing between your business’s sensitive data and people who want to take advantage of that data.

2) There is no redundancy plan.

It happens far too often: businesses may not focus on their technology infrastructure or security.

Neglecting security can cost them dearly in time, money, resources and clients. When it comes to investing in IT, here are three things you never want to under-invest in.

SECURITY.

Far too many businesses, from small to large, under-invest in IT security. We touch on this topic because we see it a lot. These are business owners and managers who fall into the mindset of “It won’t happen to me.” This is a dangerous line of thinking.

For small businesses, a data breach can be devastating. Not only is data compromised and potentially copied or stolen, but your clients will also immediately question whether they should trust you. There’s a good chance they end up taking their business elsewhere.

When IT security isn’t a priority and you invest in the cheapest option available, it’s like asking hackers to let themselves in. One study by the security firm Imperva found that over 50% of all Internet traffic is made by bots. Many of these bots are looking for security holes. They test websites and networks, looking for entry. If they find their way in, they can do some serious damage.

Investing in solid IT security – with an experienced team of IT specialists behind that security – can prevent that damage from ever happening in the first place. It’s not only about protecting your business assets but also protecting your clients and giving them another reason why they should trust you.

BACKUPS.

You keep all of your data on-site with no backups. It’s all stored in one central location and that’s it. This is a recipe for disaster if you get hacked, but it can be an even bigger disaster if a hard disk or server fails.

Suddenly, you find yourself unable to access client information, invoices, phone numbers – you name it. Having a backup on-site or in the cloud means everything you do has an extra layer of protection. A backup gives you the ability to restore your data should the worst-case scenario occur.

It’s even better to go a step further and have a backup for the backup. Have one on-site solution and one cloud-based solution. Even if the backup to the backup is as simple as a 4TB hard drive from Amazon, it has the potential to save your business should anything go wrong.

Of course, you also need a system in place to make sure data is being regularly and accurately updated.

Another mistake businesses make is buying a backup or backup service but not making the best use of it. For example, they simply never bother to set it up. Or it is set up but isn’t configured correctly and is not backing up data as intended – or is backing up data too infrequently to be useful.
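One way to catch the failures described above (a backup that never ran, runs too infrequently, or does not match the live data) is to audit the backup against its source. This is an added example, not part of the original article; the directory names, file contents and the 24-hour threshold are assumptions.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backup(source: Path, backup: Path, max_age_hours: float) -> dict:
    """Report whether a backup tree is recent and matches its source."""
    mtimes = [p.stat().st_mtime for p in backup.rglob("*") if p.is_file()]
    # An empty backup (never set up) counts as stale.
    stale = not mtimes or time.time() - max(mtimes) > max_age_hours * 3600
    missing, mismatched = [], []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        copy = backup / rel
        if not copy.is_file():
            missing.append(str(rel))
        elif sha256_of(copy) != sha256_of(src):
            mismatched.append(str(rel))
    ok = not (stale or missing or mismatched)
    return {"ok": ok, "stale": stale, "missing": missing, "mismatched": mismatched}


def demo() -> dict:
    """Constructed sample data: two live files and a week-old partial backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "data"), Path(tmp, "backup")
        src.mkdir()
        bak.mkdir()
        (src / "clients.csv").write_text("id,name\n1,Acme\n2,Globex\n")
        (src / "invoices.csv").write_text("inv,total\n1001,250.00\n")
        (bak / "clients.csv").write_text("id,name\n1,Acme\n")  # outdated copy
        week_ago = time.time() - 7 * 24 * 3600
        os.utime(bak / "clients.csv", (week_ago, week_ago))
        return audit_backup(src, bak, max_age_hours=24)


if __name__ == "__main__":
    print(demo())
```

Run on a schedule and alert whenever `ok` is false; a hash comparison only proves the copy matches, so a periodic test restore is still needed.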

UPDATES.

How old is your technology? Think about the hardware you’re running – and the software on that hardware. Letting your technology fall behind the times is not good. Not only are you opening yourself up to security vulnerabilities, but you may also be operating on technology that’s no longer supported by the developers.

If the developers are no longer publishing updates or supporting the software, this is a huge security red flag that you need to update. On top of that, should you or an employee need to troubleshoot a piece of unsupported software, you may find yourself running into walls. There might be no one to call, and if a Google search doesn’t help, you may be out of luck.

The potential headaches don’t end there. If you’re running unsupported software on shiny, new hardware, you may be voiding the warranty of that hardware (always check your warranties and the fine print of any hardware you buy).

Alternatively, if you’re trying to run brand-new software on old hardware, chances are you’re going to run into compatibility issues. That wonderful piece of software might not work, or might not work the way you expected it to, all because you didn’t want to update your old hardware.

Up front, you cannot always see the security investment working to your advantage. Being prepared, though, will save much more money in the long run and reduce the worry of something happening to your business.

First, What is a Security Plan?

A Security Plan or System Plan documents the controls that have been selected to mitigate the risk of a system. The controls are determined by a Risk Analysis.

To assist with the process, NIST (National Institute of Standards and Technology) provides a catalog of controls, with templates outlining the Cybersecurity Framework for Critical Infrastructure and Security Plan. Businesses may use the outline when creating their Security Plan.

How to Implement Your Security Plan

1. Take an inventory of your physical and information assets (what are you protecting?).
2. Perform a risk assessment to determine what level of security is needed to protect your information assets.
3. Complete the checklist to become aware of your security strengths and weaknesses.
4. Complete an evaluation. Evaluate your findings and discuss recommendations to correct deficiencies and/or improve security with departmental administration and IT staff.
5. Develop a security plan. Create a plan with target dates for implementation.
6. Set deadlines / completion dates.
7. Project management – monitor the process from start to finish.
8. Evaluate upon completion.

Responsibilities for a Departmental Security Plan

Inventory – IT Staff

Risk Assessment – Systems Administrator

Checklist – Systems Administrator

Evaluation – Systems Administrator

Plan – IT Staff & Systems Administrator

What does a simple IT security plan schedule look like?

Tasks Example:

Draft Security Plan

Submit Plan for review by other managers / outsourced IT company for this process.

Over the past year, 4,149 data breaches compromised more than 4.2 billion records, shattering the previous all-time high of about 1 billion exposed records. This assessment comes from the 2016 Year End Data Breach QuickView Report.

Too many companies are failing to implement basic data IT security controls

It’s extremely important that companies meet basic data security needs. It doesn’t take a genius to realize that there remains a disconnect between the realities of the breach threat and the practicalities of defending against it. Businesses must understand the risks, and how to best protect themselves and their clients against a potential breach.

At the end of the day, a ransomware outbreak or data breach will strain the relationship between you and your clients, so you need to focus on delivering consistent, quality service and limiting the possibility of a breach.

Here are five things you definitely need to think about when it comes to IT Data Security:

When upgrading or disposing of devices with sensitive data, contact a professional for physical destruction of the data-containing component of the device. Deleting files from your hard drive isn’t enough. Data can still be recovered if not correctly destroyed.

Furthermore, dealing with breaches will never be an easy task, and that’s why you must protect yourself before they become an issue. Understand what data can be compromised and how. Search the internet for tips, documents and case studies. If you still feel like your business is “at-risk,” call the managed IT professionals, SecurityRI.com.

On June 26th, Governor Gina Raimondo signed the new Rhode Island Identity Theft Protection Act of 2015. But are you aware that updated provisions have been made and that businesses must comply?

You’re probably wondering whether the act applies to your business.

It applies to any person or entity that “stores, collects, processes, maintains, acquires, owns, uses, or licenses personal information about a Rhode Island resident.” This act has no exclusions based upon an organization’s size or number of employees.